Description
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
Remediation
References
Related Vulnerabilities
WordPress Plugin wp-microblogs Cross-Site Scripting (0.4.0)
Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27590)
MySQL CVE-2019-2802 Vulnerability (CVE-2019-2802)
WordPress Plugin Citizen Space Cross-Site Scripting (1.1)
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)